Update from https://crrev.com/306655

sandbox/linux/bpf_dsl/policy_compiler.h

Index: sandbox/linux/bpf_dsl/policy_compiler.h
diff --git a/sandbox/linux/bpf_dsl/policy_compiler.h b/sandbox/linux/bpf_dsl/policy_compiler.h
index 4ef8cf38d82c6df6c88a9790ea4a5afc7625ab55..8737c422db30323063a9722214a2adfe24351a98 100644
--- a/sandbox/linux/bpf_dsl/policy_compiler.h
+++ b/sandbox/linux/bpf_dsl/policy_compiler.h
@@ -13,6 +13,7 @@
 
 #include "base/macros.h"
 #include "base/memory/scoped_ptr.h"
+#include "sandbox/linux/bpf_dsl/bpf_dsl_forward.h"
 #include "sandbox/linux/seccomp-bpf/codegen.h"
 #include "sandbox/linux/seccomp-bpf/errorcode.h"
 #include "sandbox/sandbox_export.h"
@@ -37,25 +38,9 @@ class SANDBOX_EXPORT PolicyCompiler {
   // the specified error number.
   ErrorCode Error(int err);
 
-  // We can use ErrorCode to request calling of a trap handler. This method
-  // performs the required wrapping of the callback function into an
-  // ErrorCode object.
-  // The "aux" field can carry a pointer to arbitrary data. See EvaluateSyscall
-  // for a description of how to pass data from SetSandboxPolicy() to a Trap()
-  // handler.
-  ErrorCode Trap(TrapRegistry::TrapFnc fnc, const void* aux);
-
-  // Calls a user-space trap handler and disables all sandboxing for system
-  // calls made from this trap handler.
-  // This feature is available only if explicitly enabled by the user having
-  // set the CHROME_SANDBOX_DEBUGGING environment variable.
-  // Returns an ET_INVALID ErrorCode, if called when not enabled.
-  // NOTE: This feature, by definition, disables all security features of
-  //   the sandbox. It should never be used in production, but it can be
-  //   very useful to diagnose code that is incompatible with the sandbox.
-  //   If even a single system call returns "UnsafeTrap", the security of
-  //   entire sandbox should be considered compromised.
-  ErrorCode UnsafeTrap(TrapRegistry::TrapFnc fnc, const void* aux);
+  // Trap returns an ErrorCode to indicate the system call should
+  // instead invoke a trap handler.
+  ErrorCode Trap(TrapRegistry::TrapFnc fnc, const void* aux, bool safe);
 
   // UnsafeTraps require some syscalls to always be allowed.
   // This helper function returns true for these calls.
@@ -77,9 +62,6 @@ class SANDBOX_EXPORT PolicyCompiler {
                             const ErrorCode& passed,
                             const ErrorCode& failed);
 
-  // Kill the program and print an error message.
-  ErrorCode Kill(const char* msg);
-
   // Returns the fatal ErrorCode that is used to indicate that somebody
   // attempted to pass a 64bit value in a 32bit system call argument.
   // This method is primarily needed for testing purposes.
@@ -88,7 +70,6 @@ class SANDBOX_EXPORT PolicyCompiler {
  private:
   struct Range;
   typedef std::vector<Range> Ranges;
-  typedef std::map<uint32_t, ErrorCode> ErrMap;
   typedef std::set<ErrorCode, struct ErrorCode::LessThan> Conds;
 
   // Used by CondExpressionHalf to track which half of the argument it's
@@ -133,6 +114,10 @@ class SANDBOX_EXPORT PolicyCompiler {
   CodeGen::Node AssembleJumpTable(Ranges::const_iterator start,
                                   Ranges::const_iterator stop);
 
+  // CompileResult compiles an individual result expression into a
+  // CodeGen node.
+  CodeGen::Node CompileResult(const ResultExpr& res);
+
   // Returns a BPF program snippet that makes the BPF filter program exit
   // with the given ErrorCode "err". N.B. the ErrorCode may very well be a
   // conditional expression; if so, this function will recursively call
@@ -153,9 +138,6 @@ class SANDBOX_EXPORT PolicyCompiler {
                                    CodeGen::Node passed,
                                    CodeGen::Node failed);
 
-  // MakeTrap is the common implementation for Trap and UnsafeTrap.
-  ErrorCode MakeTrap(TrapRegistry::TrapFnc fnc, const void* aux, bool safe);
-
   const Policy* policy_;
   TrapRegistry* registry_;